Distributed ledger technology includes a peer-to-peer network which timestamps records by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. While such technologies are effective at creating immutable records, the surrounding ecosystems have proven vulnerable to network-based attack, including ecosystems for most of the large cryptocurrency exchanges (including ICOs). In the past, stolen private keys have been transmitted to a remote location and used to author digital signatures on illicit transactions, causing transfer of ownership of billions of dollars' worth of cryptocurrency assets to anonymous third parties. Once private account keys are exfiltrated, current distributed ledger technology may be powerless to prevent nefarious transactions. In fact, due to immutability, as a practical matter it may be difficult or impossible to undo transactions.
Ecosystem participants must also be concerned about risks created by third-party software that builds on distributed ledger technology designed to provide added functionality (e.g., payment processors, wallets, fintech applications, smart contract platforms). Malware may exploit code defects in these applications, for example to exfiltrate private account keys or spoof legitimate processes.
Distributed ledgers could also be subject to denial of service-like attacks in which bad actors flood the ecosystem with a large number of transactions containing bogus data, particularly in a distributed ledger configured to accept large quantities of data from a low-trust or trustless ecosystem (i.e., an ecosystem where users require little or no authorization to contribute data to the database), or in an ecosystem with compromised private keys. Depending on the algorithm used to validate blocks, communication among peers could be significantly slowed and the functionality hobbled.
Perhaps most significantly, hackers in control of ecosystem nodes and/or private keys can potentially inject malware into a distributed ledger ecosystem via smart contracts. Smart contracts are computer code uploaded to digitally facilitate, verify, or enforce the negotiation or performance of a contract. Bogus smart contracts could be used to force malware functions on users, for example involuntarily committing parties to transfer assets, exfiltrating or corrupting data, or ransoming users' access to their assets or data (a ransomware smart contract). Recently, for example, someone injected malicious code into a cryptocurrency trading platform via a smart contract, enabling the attacker to read private keys belonging to users' wallets.
The foregoing examples map out the vulnerabilities in distributed ledger technology and highlight the fact that, as this technology continues to be widely adopted, an extensive attack surface is presented. This surface exists because distributed ledger technology, to date, lacks intrinsic network security. Though designed to be deployed across networks (including the public Internet), distributed ledger security features are focused on protecting the ledger's logical functionality, specifically (1) guaranteeing that pre-existing records in a distributed ledger have not been altered; and (2) requiring that all additions to the distributed ledger are digitally signed using private keys created by owners or authorized users of the added information. Moreover, despite meticulously and immutably recording the relationships between records, distributed ledger protocols do not require encoding of an audit trail to determine the source of records; ideally they would accurately and consistently identify which device, software, or user/owner posted a transaction for addition to a distributed ledger. This gap further limits the ability to detect and mitigate network-based attacks.
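The two checks described above, and the missing audit trail, can be seen in a toy ledger. This is an added example, not code from the original document or from any real ledger; the field names, account labels and sample key are constructed, and HMAC-SHA256 is used as a stand-in for a digital signature.

```python
import hashlib, hmac, json

DIFFICULTY = "000"   # constructed proof-of-work target: leading hex zeros
GENESIS = "0" * 64

def sign(key: bytes, payload: str) -> str:
    # Assumption: HMAC-SHA256 stands in for the account's digital signature,
    # so the validator here holds the key instead of a public key.
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()

def block_hash(block: dict) -> str:
    fields = {k: block[k] for k in ("prev", "account", "payload", "sig", "nonce")}
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

def append(chain: list, account: str, payload: str, key: bytes) -> None:
    block = {"prev": chain[-1]["hash"] if chain else GENESIS, "account": account,
             "payload": payload, "sig": sign(key, payload), "nonce": 0}
    while not block_hash(block).startswith(DIFFICULTY):   # proof-of-work
        block["nonce"] += 1
    block["hash"] = block_hash(block)
    chain.append(block)

def verify(chain: list, keys: dict) -> bool:
    prev = GENESIS
    for b in chain:
        # Check (1): records are linked and unaltered since the work was done.
        intact = (b["prev"] == prev and b["hash"] == block_hash(b)
                  and b["hash"].startswith(DIFFICULTY))
        # Check (2): the addition is signed with the account's key.
        signed = hmac.compare_digest(b["sig"], sign(keys[b["account"]], b["payload"]))
        if not (intact and signed):
            return False
        prev = b["hash"]
    return True

def demo():
    key = b"constructed-account-key"          # constructed sample key
    keys, chain = {"acct-1": key}, []
    append(chain, "acct-1", "transfer 1 to acct-2", key)          # owner's device
    append(chain, "acct-1", "transfer 99 to acct-9", bytes(key))  # key copy, other device
    accepted = verify(chain, keys)
    # The record has nowhere to say which device, software or user posted it.
    origin = [f for f in chain[1] if f in ("device", "software", "user")]
    altered = [dict(b) for b in chain]
    altered[0]["payload"] = "transfer 100 to acct-2"   # edit without redoing the work
    return accepted, origin, verify(altered, keys)

if __name__ == "__main__":
    print(demo())
```

Both records pass validation identically because the validator sees only the chain linkage and the signature; only the after-the-fact alteration is rejected.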